8 Tips To Prevent Data Breaches
By Todd Sexton
The following 8 steps will help you properly assess your current electronic communication security situation, provide you with guidance to implement appropriate measures and shield your data from being exposed or exploited.
- Understand regulatory compliance requirements – to begin planning a security strategy, be aware of regulations affecting your business. These regulations can range from federal and state laws covering all businesses when handling sensitive customer data to regulations targeted at your specific industry. Implement a quarterly review of these regulations to ensure adherence.
- Identify and assess security risks in your organization – determine the location of all sensitive data and whether any protective measures are currently in place. Also, determine how your sensitive information is distributed (via email, texts, or various other channels) and who has access to information stored on corporate servers as well as in the cloud.
- Establish written security policies regarding collection/use of personal information – this is a document requiring semi-annual updates and should define the following items:
- Proper storing and disposal of electronic personal data;
- Identify an officer responsible for information security;
- Identify users inside your company with access to sensitive information, especially those with administration rights or unrestricted access to data;
- Adopt a least-privilege approach to data, providing users only enough access privileges to allow them to complete their duties;
- Block social media channels you cannot or do not wish to supervise;
- Automatically log users out and lock computers when not in use
- Educate your employees regarding common scam methods/breach threats – many internal breaches occur due to simple human error or lack of awareness, making it important to ensure your employees are aware of their actions and understand how to protect sensitive data.
- Take steps to protect when accessing Wi-Fi networks – since this is one of the easiest way for perpetrators to access your data. Precautions should include:
- Use Wi-Fi networks with caution when traveling, only use wireless networks secured with passwords;
- Ensure business Wi-Fi networks are secured at all times. Utilize a VPN (Virtual Private Network) when possible.
- Ensure all devices are adequately secured – since data leaks can occur across all channels. Important things to remember include:
- Utilize complex passwords on mobile and computer devices;
- Limit users to only devices which can be adequately protected and monitored;
- Always install patches and updates as soon as they become available;
- Ensure all software downloads are from trusted sources.
- Use encryption technology – This is a proven way to prevent security attacks. Studies in 2013 indicate 73% of all breaches could have been prevented if encryption technology was utilized. Implementing encryption technology to protect consumer data is a safe harbor under most state or federal breach regulations according to Beazley. Utilize a layered approach in all communication channels including computers, mobile devices, networks, and hard drives.
- Revise and improve your email usage standards – while 70% of businesses consider email as the top means of communication, it’s surprising that they often take so little care to secure it. Unsecured email is easily accessed even by the most inexperienced hackers. Email confidentiality statements are not adequate, nor do they protect from regulatory violations. The only sensible solution is to implement a user-friendly email security product or service.
Securing electronic messages should be one of the top IT priorities for organizations in 2015. The process should not be overly complex or expensive, however, it does require proper planning and regular revisions. While there is no such thing as a 100% breach-proof security system, the majority of attacks can easily be prevented by following the simple steps outlined in this article.